Privacy Act of 1974; System of Records

Issuing agencies

Abstract

As required by the Privacy Act of 1974 and the Office of Management and Budget (OMB) Circulars A-108 and A-130, the Department of Energy (DOE or the Department) is publishing notice of a modification to an existing Privacy Act System of Records. DOE proposes to amend System of Records DOE-13 Payroll and Leave Records. This System of Records Notice (SORN) is being modified to align with new formatting requirements, published by OMB, and to ensure appropriate Privacy Act coverage of business processes and Privacy Act information. While there are no substantive changes to the "Categories of Individuals" or "Categories of Records" sections covered by this SORN, substantive changes have been made to the "System Locations," "Routine Uses," and "Administrative, Technical and Physical Safeguards" sections to provide greater transparency. Changes to "Routine Uses" include new provisions related to responding to breaches of information held under a Privacy Act SORN as required by OMB's Memorandum M-17-12, "Preparing for and Responding to a Breach of Personally Identifiable Information" (January 3, 2017). Language throughout the SORN has been updated to align with applicable Federal privacy laws, policies, procedures, and best practices.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 43 (Monday, March 4, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 43 (Monday, March 4, 2024)]
[Notices]
[Pages 15561-15564]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-04472]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY


Privacy Act of 1974; System of Records

AGENCY: U.S. Department of Energy.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974 and the Office of 
Management and Budget (OMB) Circulars A-108 and A-130, the Department 
of Energy (DOE or the Department) is publishing notice of a 
modification to an existing Privacy Act System of Records. DOE proposes 
to amend System of Records DOE-13 Payroll and Leave Records. This 
System of Records Notice (SORN) is being modified to align with new 
formatting requirements, published by OMB, and to ensure appropriate 
Privacy Act coverage of business processes and Privacy Act information. 
While there are no substantive changes to the ``Categories of 
Individuals'' or ``Categories of Records'' sections covered by this 
SORN, substantive changes have been made to the ``System Locations,'' 
``Routine Uses,'' and

[[Page 15562]]

``Administrative, Technical and Physical Safeguards'' sections to 
provide greater transparency. Changes to ``Routine Uses'' include new 
provisions related to responding to breaches of information held under 
a Privacy Act SORN as required by OMB's Memorandum M-17-12, ``Preparing 
for and Responding to a Breach of Personally Identifiable Information'' 
(January 3, 2017). Language throughout the SORN has been updated to 
align with applicable Federal privacy laws, policies, procedures, and 
best practices.

DATES: This modified SORN will become applicable following the end of 
the public comment period on April 3, 2024 unless comments are received 
that result in a contrary determination.

ADDRESSES: Written comments should be sent to the DOE Desk Officer, 
Office of Information and Regulatory Affairs, Office of Management and 
Budget, New Executive Office Building, Room 10102, 735 17th Street NW, 
Washington, DC 20503 and to Ken Hunt, Chief Privacy Officer, U.S. 
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085, 
Washington, DC 20585 or by facsimile at (202) 586-8151 or by email at 
<a href="/cdn-cgi/l/email-protection#9ceceef5eafdffe5dcf4edb2f8f3f9b2fbf3ea"><span class="__cf_email__" data-cfemail="b3c3c1dac5d2d0caf3dbc29dd7dcd69dd4dcc5">[email&#160;protected]</span></a>.

FOR FURTHER INFORMATION CONTACT: Ken Hunt, Chief Privacy Officer, U.S. 
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085, 
Washington, DC 20585 or by facsimile at (202) 586-8151, by email at 
<a href="/cdn-cgi/l/email-protection#9eeeecf7e8fffde7def6efb0faf1fbb0f9f1e8"><span class="__cf_email__" data-cfemail="c7b7b5aeb1a6a4be87afb6e9a3a8a2e9a0a8b1">[email&#160;protected]</span></a>, or by telephone at (240) 686-9485.

SUPPLEMENTARY INFORMATION: On January 9, 2009, DOE published a 
Compilation of its Privacy Act Systems of Records, which included 
System of Records DOE-13 Payroll and Leave Records. This notice 
proposes amendments to the system locations section of that System of 
Records by removing system locations where DOE-13 is no longer 
applicable. These locations are as follows: NNSA Service Center 
Albuquerque, Atlanta Regional Support Office, Office of Energy 
Efficiency and Renewable Energy (Boston), National Energy Technology 
Laboratory (Pittsburgh and Morgantown locations), Naval Petroleum and 
Oil Shale Reserves, Naval Petroleum Reserves in California, the Office 
of Scientific and Technical Information, the Philadelphia Regional 
Support Office, the Seattle Regional Support Office, the Golden Field 
Office, the Western Area Power Administration, Office of Science 
(Chicago and Oak Ridge Offices), and the Schenectady Naval Reactors 
Office. Similarly, this notice updates the addresses for the Office of 
River Protection, the Richland Operations Office, and the Southwestern 
Power Administration. In the ``Routine Uses'' section, this modified 
notice deletes a previous routine use concerning efforts responding to 
a suspected or confirmed loss of confidentiality of information as it 
appears in DOE's compilation of its Privacy Act systems of records 
(January 9, 2009) and replaces it with one to assist DOE with 
responding to a suspected or confirmed breach of its records of 
Personally Identifiable Information (PII), modeled with language from 
OMB's Memorandum M-17-12, ``Preparing for and Responding to a Breach of 
Personally Identifiable Information'' (January 3, 2017). Further, this 
notice adds one new routine use to ensure that DOE may assist another 
agency or entity in responding to the other agency's or entity's 
confirmed or suspected breach of PII, as appropriate, as aligned with 
OMB's Memorandum M-17-12. Additionally, minor changes have been made to 
routine uses fifteen through eighteen. ``Child support'' and ``401k 
enforcement records'' have been added to the ``Categories of Records in 
the System'' section. An administrative change required by the FOIA 
Improvement Act of 2016 extends the length of time a requestor is 
permitted to file an appeal under the Privacy Act from 30 to 90 days. 
Both the ``System Locations'' and ``Administrative, Technical and 
Physical Safeguards'' sections have been modified to reflect the 
Department's usage of cloud-based services for records storage. 
Language throughout the SORN has been updated to align with applicable 
Federal privacy laws, policies, procedures, and best practices.

SYSTEM NAME AND NUMBER:
    DOE-13 Payroll and Leave Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Systems leveraging this SORN may exist in multiple locations. All 
systems storing records in a cloud-based server are required to use 
government-approved cloud services and follow National Institute of 
Standards and Technology (NIST) security and privacy standards for 
access and data retention. Records maintained in a government-approved 
cloud server are accessed through secure data centers in the 
continental United States.
    U.S. Department of Energy, Headquarters, 1000 Independence Avenue 
SW, Washington, DC 20585.
    U.S. Department of Energy, Bonneville Power Administration, P.O. 
Box 3621, Portland, OR 97208.
    U.S. Department of Energy, Carlsbad Field Office, P.O. Box 3090, 
Carlsbad, NM 88221.
    U.S. Department of Energy, Environmental Management Consolidated 
Business Center (EMCBC), 550 Main Street, Rm. 7-010, Cincinnati, OH 
45202.
    U.S. Department of Energy, Idaho Operations Office, 1955 Fremont 
Avenue, Idaho Falls, ID 83415.
    U.S. Department of Energy, NNSA Naval Reactors Field Office, 
Pittsburgh Naval Reactors, P.O. Box 109, West Mifflin, PA 15122-0109.
    U.S. Department of Energy, Office of River Protection, P.O. Box 
450, Richland, WA 99352.
    U.S. Department of Energy, Richland Operations Office, P.O. Box 
550, Richland, WA 99352.
    U.S. Department of Energy, Savannah River Operations Office, P.O. 
Box A, Aiken, SC 29801.
    U.S. Department of Energy, Southeastern Power Administration, 1166 
Athens Tech Road, Elberton, GA 30635-6711.
    U.S. Department of Energy, Southwestern Power Administration, One 
West Third Street, Suite 1500, Tulsa, OK 74103.
    U.S. Department of Energy, Strategic Petroleum Reserve Project 
Management Office, 900 Commerce Road East, New Orleans, LA 70123.

SYSTEM MANAGER(S):
    Headquarters: Director, Office of Financial Accounting, U.S. 
Department of Energy, 1000 Independence Avenue SW, Washington, DC 
20585.
    Field Offices: The Directors, Office of Financial Accounting of the 
DOE offices of the ``System Locations'' listed above are the system 
managers for their respective portions of this system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 7101 et seq.; 50 U.S.C. 2401 et seq.; General Accounting 
Office Policy and Procedures Manual; Personal Responsibility and Work 
Opportunity Reconciliation Act, Public Law 104-193.

PURPOSE(S) OF THE SYSTEM:
    Records in this system are maintained and used by DOE to document 
information on employee wages, deductions, retirement benefits, and 
leave.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and former DOE employees and contractor personnel, 
including National Nuclear Security Administration (NNSA) personnel and 
consultants.

[[Page 15563]]

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system may contain paper and electronic files contained 
payroll-related information for DOE employees, such as time and 
attendance records, earning records, payroll actions, deduction 
information requests, authorizations for overtime and night 
differential, 401k records, child support enforcement records, leave 
requests, and Office of Personnel Management (OPM) retirement records.

RECORD SOURCE CATEGORIES:
    The subject individual, supervisors, timekeepers, official 
personnel records, and the Internal Revenue Service.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. A record from this system may be disclosed as a routine use to 
the Department of Treasury to collect withheld taxes, process payroll 
payments, and issue savings bonds.
    2. A record from this system may be disclosed as a routine use to 
the Internal Revenue Service to process Federal income tax payments and 
tax levies.
    3. A record from this system may be disclosed as a routine use to 
State, local, or Tribal governments to process State and local income 
tax deductions and court ordered child support or alimony payments.
    4. A record from this system may be disclosed as a routine use to 
OPM to establish and maintain retirement records and benefits.
    5. A record from this system may be disclosed as a routine use to 
the Federal Retirement Thrift Investment Board to update section 401K 
type records and benefits.
    6. A record from this system may be disclosed as a routine use to 
the Social Security Administration to establish Social Security records 
and benefits.
    7. A record from this system may be disclosed as a routine use to 
the Department of Labor to process worker's compensation claims.
    8. A record from this system may be disclosed as a routine use to 
the Department of Defense to adjust military retirement.
    9. A record from this system may be disclosed as a routine use to 
financial institutions to credit net check deposits, savings 
allotments, and discretionary allotments.
    10. A record from this system may be disclosed as a routine use to 
the employee unions to credit accounts for employees with union dues 
deductions.
    11. A record from this system may be disclosed as a routine use to 
health insurance carriers to process insurance claims.
    12. A record from this system may be disclosed as a routine use to 
the General Accounting Office to verify accuracy and legality of 
disbursement.
    13. A record from this system may be disclosed as a routine use to 
the Department of Veterans Affairs to evaluate veteran's benefits to 
which the individual may be entitled.
    14. A record from this system may be disclosed as a routine use to 
States' departments of employment security to determine entitlement to 
unemployment compensation or other State benefits.
    15. A record from this system may be disclosed as a routine use to 
the personnel, contractors, grantees, advisory boards and cooperative 
agreement holders of the Department of Labor, the Department of Health 
and Human Services, the Department of Justice, and other Federal 
agencies and their components, designated by the President to implement 
the Federal compensation program established by the Energy Employees 
Occupational Illness Compensation Program Act, for the purpose of 
outreach, to estimate radiation doses and other workplace exposures, 
and assisting in the adjudication or processing of a claim under that 
Act. Those provided information under this routine use are subject to 
the same limitations applicable to Department officers and employees 
under the Privacy Act.
    16. A record from this system may be disclosed as a routine use to 
the appropriate local, Tribal, State, or Federal agency when records, 
alone or in conjunction with other information, indicate a violation or 
potential violation of law whether civil, criminal, or regulatory in 
nature, and whether arising by general statute or particular program 
pursuant thereto.
    17. A record from this system may be disclosed as a routine use to 
a Federal, State, Tribal, or local agency to facilitate the requesting 
agency's decision concerning the hiring or retention of an employee, 
the issuance of a security clearance, the reporting of an investigation 
of an employee, the letting of a contract, or the issuance of a 
license, grant, or other benefit, to the extent that the information is 
relevant and necessary to the requesting agency's decision on the 
matter. The Department must deem such disclosure to be compatible with 
the purpose for which the Department collected the information.
    18. A record from this system may be disclosed as a routine use to 
DOE contractors in performance of their contracts, and their officers 
and employees who have a need for the record in the performance of 
their duties. Those provided information under this routine use are 
subject to the same limitations applicable to Department officers and 
employees under the Privacy Act.
    19. A record from this system may be disclosed as a routine use to 
a member of Congress submitting a request involving a constituent when 
the constituent has requested assistance from the member concerning the 
subject matter of the record. The member of Congress must provide a 
copy of the constituent's signed request for assistance.
    20. A record from this system may be disclosed as a routine use to 
the Office of Child Support Enforcement, Administration for Children 
and Families, Department of Health and Human Services, Federal Parent 
Locator System (FPLS) and Federal Tax Offset System to locate 
individuals and identify their income sources to establish paternity, 
establish and modify orders of support, and for enforcement action.
    21. A record from this system may be disclosed as a routine use to 
the Office of Child Support Enforcement, Administration for Children 
and Families, Department of Health and Human Services, FPLS and Federal 
Tax Offset System, for release to the Social Security Administration to 
verify social security numbers in connection with the operation of the 
FPLS by the Office of Child Support Enforcement.
    22. A record from this system may be disclosed as a routine use to 
the Office of Child Support Enforcement, Administration for Children 
and Families, Department of Health and Human Services, FPLS and Federal 
Tax Offset System, for release to the Department of Treasury to 
administer the Earned Income Tax Credit Program (section 32, Internal 
Revenue Code of 1986) and verify a claim with respect to employment in 
a tax return.
    23. A record from this system may be disclosed as a routine use to 
the Defense Finance and Accounting Service (DFAS) so that DFAS may 
perform payroll processing services for DOE. These services may include 
the issuance of salary payments to employees and distribution of wages; 
and the distribution of allotments and deductions to financial and 
other institutions, many of which are through electronic funds 
transfer.
    24. A record from this system may be disclosed as a routine use to 
appropriate agencies, entities, and persons when (1) the Department 
suspects or has confirmed that there has been a breach of the System of 
Records; (2) the Department has determined that as a

[[Page 15564]]

result of the suspected or confirmed breach there is a risk of harm to 
individuals, DOE (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    25. A record from this system may be disclosed as a routine use to 
another Federal agency or Federal entity, when the Department 
determines that information from this System of Records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records may be stored as paper records or electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name, Social Security number, or payroll 
number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Retention and disposition of these records is in accordance with 
the National Archives and Records Administration-approved records 
disposition schedule with a retention of 10 years or 250 years based on 
if records contain work locations.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records may be secured and maintained on a cloud-based 
software server and operating system that resides in Federal Risk and 
Authorization Management Program (FedRAMP) and Federal Information 
Security Modernization Act (FISMA) hosting environment. Data located in 
the cloud-based server is firewalled and encrypted at rest and in 
transit. The security mechanisms for handling data at rest and in 
transit are in accordance with DOE encryption standards. Records are 
protected from unauthorized access through the following appropriate 
safeguards:
    <bullet> Administrative: Access to all records is limited to lawful 
government purposes only, with access to electronic records based on 
role and either two-factor authentication or password protection. The 
system requires passwords to be complex and to be changed frequently. 
Users accessing system records undergo frequent training in Privacy Act 
and information security requirements. Security and privacy controls 
are reviewed on an ongoing basis.
    <bullet> Technical: Computerized records systems are safeguarded on 
Departmental networks configured for role-based access based on job 
responsibilities and organizational affiliation. Privacy and security 
controls are in place for this system and are updated in accordance 
with applicable requirements as determined by NIST and DOE directives 
and guidance.
    <bullet> Physical: Computer servers on which electronic records are 
stored are located in secured Department facilities, which are 
protected by security guards, identification badges, and cameras. Paper 
copies of all records are locked in file cabinets, file rooms, or 
offices and are under the control of authorized personnel. Access to 
these facilities is granted only to authorized personnel and each 
person granted access to the system must be an individual authorized to 
use and/or administer the system.

RECORD ACCESS PROCEDURES:
    The Department follows the procedures outlined in 10 CFR 1008.4. 
Valid identification of the individual making the request is required 
before information will be processed, given, access granted, or a 
correction considered, to ensure that information is processed, given, 
corrected, or records disclosed or corrected only at the request of the 
proper person.

CONTESTING RECORD PROCEDURES:
    Any individual may submit a request to the System Manager and 
request a copy of any records relating to them. In accordance with 10 
CFR 1008.11, any individual may appeal the denial of a request made by 
him or her for information about or for access to or correction or 
amendment of records. An appeal shall be filed within 90 calendar days 
after receipt of the denial. When an appeal is filed by mail, the 
postmark is conclusive as to timeliness. The appeal shall be in writing 
and must be signed by the individual. The words ``PRIVACY ACT APPEAL'' 
should appear in capital letters on the envelope and the letter. 
Appeals of denials relating to records maintained in government-wide 
System of Records reported by Office of Personnel Management (OPM), 
shall be filed, as appropriate, with the Assistant Director for Agency 
Compliance and Evaluation, OPM, 1900 E Street NW, Washington, DC 20415. 
All other appeals relating to DOE records shall be directed to the 
Director, Office of Hearings and Appeals (OHA), 1000 Independence Ave. 
SW, Washington, DC 20585.

NOTIFICATION PROCEDURES:
    In accordance with the DOE regulation implementing the Privacy Act, 
10 CFR part 1008, a request by an individual to determine if a System 
of Records contains information about themselves should be directed to 
the U.S. Department of Energy, Headquarters, Privacy Act Officer. The 
request should include the requester's complete name and the time 
period for which records are sought.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This SORN was last published in the Federal Register (FR), 74 FR 
1012-1014, on January 9, 2009.

Signing Authority

    This document of the Department of Energy was signed on February 1, 
2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant to 
delegated authority from the Secretary of Energy. That document with 
the original signature and date is maintained by DOE. For 
administrative purposes only, and in compliance with requirements of 
the Office of the Federal Register, the undersigned DOE Federal 
Register Liaison Officer has been authorized to sign and submit the 
document in electronic format for publication, as an official document 
of the Department of Energy. This administrative process in no way 
alters the legal effect of this document upon publication in the 
Federal Register.

    Signed in Washington, DC, on February 28, 2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-04472 Filed 3-1-24; 8:45 am]
BILLING CODE 6450-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>